Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

composer status incorrectly reports version variations when using a source.type: git package in repositories #11155

Closed
diegoe opened this issue Oct 27, 2022 · 0 comments
Labels
Milestone

Comments

@diegoe
Copy link

diegoe commented Oct 27, 2022

So, composer status incorrectly does a false positive when you define a source.type: git package in your repositories config.

Browsing through the code it seems that when preparing to compare versions, the given source.reference is assumed to be directly comparable to a commit ID:

https://github.com/composer/composer/blob/main/src/Composer/Command/StatusCommand.php#L113-L141

I would propose that there's justification to add a provision for git version checks, that tags and their commit IDs should have additional comparisons, meaning something like if (source.reference != commit) ... else if (source.reference != "git describe --exact-match commit") ... else ....

I have been able to reproduce on private projects, but this seemed like a simple enough test case to show the observed problem.

In this example, btw, git correctly reports the matching ref:

$ git describe --exact-match b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
2.4.3

My composer.json:

{
    "name": "test/project",
    "type": "project",
    "repositories": [
        {
            "type": "package",
            "package": {
                "name": "composer/composer",
                "version": "2.4.3",
                "type": "drupal-library",
                "source": {
                    "url": "git@github.com:composer/composer.git",
                    "type": "git",
                    "reference": "2.4.3"
                }
            }
        }
    ],
    "require": {
        "composer/composer": "^2.4"
    }
}

Output of composer diagnose:

Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
Checking platform settings: OK
Checking git settings: OK git version 2.38.1
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Composer version: 2.5.999-dev+source
PHP version: 8.1.11
PHP binary path: /opt/homebrew/Cellar/php/8.1.11/bin/php
OpenSSL version: OpenSSL 1.1.1q  5 Jul 2022
cURL version: 7.85.0 libz 1.2.11 ssl (SecureTransport) OpenSSL/1.1.1q
zip: extension present, unzip present, 7-Zip not available

When I run this command:

composer status -vvv

I get the following output:

Running 2.5.999-dev+source (@release_date@) with PHP 8.1.11 on Darwin / 21.6.0
Reading ./composer.json (/upstream/composer/test-project/composer.json)
Loading config file /Users/diego/.composer/config.json
Loading config file /Users/diego/.composer/auth.json
Loading config file ./composer.json (/upstream/composer/test-project/composer.json)
Checked CA file /opt/homebrew/etc/ca-certificates/cert.pem: valid
Executing command (/upstream/composer/test-project): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Failed to initialize global composer: Composer could not find the config file: /Users/diego/.composer/composer.json

Reading ./composer.lock (/upstream/composer/test-project/composer.lock)
Reading /upstream/composer/test-project/vendor/composer/installed.json
Executing command (/upstream/composer/test-project/vendor/composer/composer): git status --porcelain --untracked-files=no
Executing command (/upstream/composer/test-project/vendor/composer/composer): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list main..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/main..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/2.4..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/2.2..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/1.10..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing command (/upstream/composer/test-project/vendor/composer/composer): git describe --exact-match --tags
Executing command (/upstream/composer/test-project/vendor/composer/composer): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list main..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/main..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/2.4..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/2.2..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing async command (/upstream/composer/test-project/vendor/composer/composer): git rev-list remotes/origin/1.10..b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4
Executing command (/upstream/composer/test-project/vendor/composer/composer): git describe --exact-match --tags
Executing command (/upstream/composer/test-project/vendor/composer/composer): git show-ref --head -d
You have version variations in the following dependencies:
/upstream/composer/test-project/vendor/composer/composer:
    From 2.4.3 (2.4.3) to 2.4.3 (b34c0e9a93f2cd688c62ce4dfcc69e13b6ce7aa4)

And I expected this to happen:
No version variation reported

Old related bug: #5555

@Seldaek Seldaek added this to the 2.4 milestone Oct 27, 2022
@Seldaek Seldaek added the Bug label Oct 27, 2022
emahorvat52 pushed a commit to emahorvat52/composer that referenced this issue Feb 3, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants